[WEBINAR] Application Acceleration: Faster Performance for End Users

Secure Cookie

Definition - What does Secure Cookie mean?

A secure cookie, also known as httpOnly cookie, is a type of cookie that only works with HTTP/HTTPS and does not work for scripting languages like JavaScript. Since it is only used in storing information and used for hypertext transfer protocol requests and data over the internet, exploits and hacks made through scripting are unable to access them. So a secure cookie's main benefit is that it can stop theft through cross-site scripting (XSS).

Techopedia explains Secure Cookie

A secure cookie always has the secure attribute activated, so it is used mostly via HTTPS and securely transmitted with encrypted connections. The httpOnly flag in the secure cookie header ensures that JavaScript or any non-HTTP methods cannot access the cookie. The cookie works through the assistance of two headers: set-cookie and cookie. The job of the set-cookie header is to create a secured cookie on the user’s system in response to a http request. While the cookie header is part of the application with an http request sent to the server to validate if there is a secure cookie that matches the domain and path requested.

The secure attribute and httpOnly flag work together to ensure that the browser is able to restrict access to the secure cookie data from malicious scripts that may have infected the browser or the network. This mitigates many of the damages that many XSS attacks can cause, specifically those that target cookies.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
"Techopedia" on Twitter

Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.